Prosecution Insights
Last updated: April 19, 2026
Application No. 17/079,768

Utilizing Machine Learning to detect malicious Office documents

Final Rejection §103 §112
Filed: Oct 26, 2020
Examiner: FARAMARZI, GITA
Art Unit: 2496
Tech Center: 2400 — Computer Networks
Assignee: Zscaler Inc.
OA Round: 8 (Final)
Grant Probability: 53% (Moderate)
OA Rounds: 9-10
To Grant: 3y 4m
With Interview: 75%

Examiner Intelligence

Career Allow Rate: 53% (grants 53% of resolved cases; 40 granted / 75 resolved; -4.7% vs TC avg)
Interview Lift: +21.5% (strong +22% interview lift, measured over resolved cases with interview)
Typical timeline: 3y 4m average prosecution; 33 currently pending
Career history: 108 total applications across all art units

Statute-Specific Performance

§101: 8.1% (-31.9% vs TC avg)
§103: 56.6% (+16.6% vs TC avg)
§102: 5.0% (-35.0% vs TC avg)
§112: 29.4% (-10.6% vs TC avg)
Tech Center averages are estimates shown for comparison; based on career data from 75 resolved cases.

Office Action

§103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of Claims The Amendment filed on December 08, 2025, has been entered. Claims 1, 3, 9, 11, 17, and 19 were amended. Claims 4-5, 12-13, and 20 were canceled. As a result, claims 1-3, 6-11, 14-19, and 21-25 are pending, of which claims 1, 9, and 17 are in independent form. Response to Amendment Applicant’s amendment regarding claims 1, 9, and 17 does not obviate the claim rejection under 35 USC § 112(a), therefore the examiner maintains the claim rejection. Applicant’s amendment regarding claims 1, 9, and 17 obviates the claim rejection under 35 USC § 112(b), therefore the claim rejection is withdrawn. Response to Arguments Applicant’s arguments with respect to claim(s) are rejected, under 35 USC 103(a), have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter. Claim 1 recites “selecting training data for a machine learning model based on the determined distribution monitored in the production traffic and the determined features”. The non-provisional specification fails to provide written description support for the claim limitation of “selecting training data …based on the determined distribution monitored in the production traffic …”. It is noted that the specification while repeating (i.e., the training data can include benign Office documents with macros and with embedded objects and malicious Office documents with macros and with embedded objects, and the quantity of the benign and malicious Office documents is selected based on the distribution, see paragraph [0053]). However, there is no disclosure as to how such quantities are selected. The disclosure merely states a desired outcome without describing any process, or algorithm for achieving that outcome. 
Further, claim 1 recites “wherein quantities of the benign documents and malicious documents in the training data are selected based on the distribution determined based on the distribution determined by the inline monitoring,”. The non-provisional specification fails to provide written description support for the claim limitation of “wherein quantities of the benign documents and malicious documents in the training data are selected based on the distribution determined based on the distribution determined by the inline monitoring,” (i.e., a file, detected during inline monitoring in the cloud-based system 100, to detect malware therein. That is, a machine learning model is built and trained as described herein to detect malicious Office documents. It follows that the machine learning predictions require high precision due to the impact of a false prediction, i.e., finding a malicious file to be benign, see paragraph [0041]). The specification does not sufficiently describe the claim step of selecting quantities of benign and malicious documents based on a distribution determined by inline monitoring. On Pages 13-19 of remarks , Applicant argues that “the references do not teach the claimed Closed-Loop…”. The Examiner disagrees. The independent claims do not recite a closed-loop system. Specifically, the claims fail to require feedback of an output of the machine learning model back into the training or selection steps to automatically modify system behavior. Rather, the claims recite a linear sequence for determining, selecting and training steps without any claim-recited feedback control. Further, Applicant states that “None of the cited references, alone or in combination, teach or suggest this end-to-end control loop”. The Examiner disagrees. Neither the claim nor the specification discloses an end-to-end control loop. The claim recites a linear machine learning comprising monitoring, distribution determination, model training. 
Likewise, the specification describes monitoring and training based on observed distribution. Any interpretation that the system constitutes an end-to-end control loop would improperly reads unclaimed limitations into the discloser. Furthermore, Applicant argues that Schmidtler and Nissim and Gauthier fail to teach “inline monitoring of production traffic; and "specific quantities of benign documents and specific quantities of malicious documents ... determined based on the distribution determined by the inline monitoring.". Applicant’s arguments, with respect to the rejection(s) of claim(s) have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejections is made in view of Wang et al. (US 10,462,170 B1). In addition, Applicant argues that “Harang does not teach weighting or rations based on monitored Micro vs Embedded-Object Distributions”. The Examiner disagrees with Applicant and has a different view of prior art teachings and claim interpretation. It is noted HARANG in Paragraph [0032] teaches the ML model data 121 can include data representing parameters of the ML model 112 (e.g., parameters specifying the architecture of a neural network included in the ML model 112, weights and adjustments to weights associated with a neural network included in the ML model 112, etc, and HARANG in paragraph [0039] teaches the feature extractor 111 can be configured to extract features of other data types or structures, such as of text or character streams, program instructions, macros, embedded Visual Basic Application (VBA) code, metadata associated with a word processing file, and the like. Further, in paragraph [0025], Harang teaches FIGS. 
4A-4D illustrate decision boundaries (e,g., decision boundaries 431A, 431C, and 431D) learned by ML models to distinguish between data sets represented by the dots 434 a, the dots 434 b, and the dots 434 c shown on the feature space (feature 1 vs feature 2). The features can be any suitable numerical statistic or combination of numerical statistics derived from each set of artifacts represented by each set of dots. Therefore, the machine learning model is trained based on the extracted features are equated to weights associated with a neural network included in the ML model. In regards to dependent claim 22, The examiner is relying on a new ground(s) of rejections is made in view of Wang et al. (US 10,462,170 B1). Independent claims 9 and 17 are similarly rejected. Claims 2-3, 6-8, 10-11, 14-16, 18-19, and 21-25 which are dependent to claims 1, 9, and 17 are similarly rejected. Therefore, the examiner maintains the rejection under 35 USC § 103. Claim Objections Claims 1, 9, and 17 are objected to because of the following informalities: The phrase “determined based on the distribution” is repeated, resulting in redundant and unnecessarily verbose claim language. Appropriate correction is required. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL. — The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 
112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1-3, 6-11, 14-19, and 21-25 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 1 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 1 recites “selecting training data for a machine learning model based on the determined distribution monitored in the production traffic and the determined features”. The non-provisional specification fails to provide written description support for the claim limitation of “selecting training data …based on the determined distribution monitored in the production traffic …”. 
It is noted that the specification while repeating (i.e., the training data can include benign Office documents with macros and with embedded objects and malicious Office documents with macros and with embedded objects, and the quantity of the benign and malicious Office documents is selected based on the distribution, see paragraph [0053]). However, there is no disclosure as to how such quantities are selected. The disclosure merely states a desired outcome without describing any process, or algorithm for achieving that outcome. Further, claim 1 recites “wherein quantities of the benign documents and malicious documents in the training data are selected based on the distribution determined based on the distribution determined by the inline monitoring,”. The non-provisional specification fails to provide written description support for the claim limitation of “wherein quantities of the benign documents and malicious documents in the training data are selected based on the distribution determined based on the distribution determined by the inline monitoring,” (i.e., a file, detected during inline monitoring in the cloud-based system 100, to detect malware therein. That is, a machine learning model is built and trained as described herein to detect malicious Office documents. It follows that the machine learning predictions require high precision due to the impact of a false prediction, i.e., finding a malicious file to be benign, see paragraph [0041]). The specification does not sufficiently describe the claim step of selecting quantities of benign and malicious documents based on a distribution determined by inline monitoring. Note though that a claim will not be found inadequate on section 112(a) ground simply because the embodiments of the specification do not contain examples explicitly covering the full scope of the claim language. 
That is because the patent specification is written for a person of ordinary skill in the art, and such a person comes to the patent disclosure with the knowledge of what has come before. While a claim will not usually be limited to a particular species described in the specification, it is clear from the non-provisional specification in this application that the disclosed. The level of detail required to satisfy the written description requirement varies depending on the nature and scope of the claims and on the complexity and predictability of the relevant technology. Ariad, 598 F.3d at 1351, 94 USPQ2d at 1172; Capon v. Eshhar, 418 F.3d 1349, 1357-58, 76 USPQ2d 1078, 1083-84 (Fed. Cir. 2005). Computer-implemented inventions are often disclosed and claimed in terms of their functionality. For computer-implemented inventions, the determination of the sufficiency of disclosure will require an inquiry into the sufficiency of both the disclosed hardware and the disclosed software due to the interrelationship and interdependence of computer hardware and software. The critical inquiry is whether the disclosure of the application relied upon reasonably conveys to those skilled in the art that the inventor had possession of the claimed subject matter as of the filing date. Vasudevan Software, Inc. v. MicroStrategy, Inc., 782 F.3d 671, 682. 114 USPQ2d 1349, 1356 (citing Ariad Pharm., Inc. V. Eli Lilly & Co, 598 F.3d 1336, 1351, 94 USPQ2d 1161, 1172 (Fed. Cir. 2010) in the context of determining possession of a claimed means of accessing disparate databases). Independent claims 9 and 17 are similarly rejected. Claims 2-3, 6-8, 10-11, 14-16, 18-19, and 21-25 which are dependent to claims 1, 9, and 17 are similarly rejected. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 
103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-3, 7-11, 15-19, and 21-25 are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al. (US 10,462,170 B1), hereinafter Wang in view of the article entitled “ALDOCX: Detection of Unknown Malicious Microsoft Office Documents Using Designated Active Learning Methods Based on New Structural Feature Extraction Methodology” by NISSIM et al., hereinafter NISSIM and further in view of HARANG et al. (US 2021/0241175 A1), hereinafter HARANG. In regards to claim 1, Wang discloses a non-transitory computer-readable storage medium having computer-readable code stored thereon for programming one or more processors to perform steps of (Wang, Col. 2, Lines 41-50): performing inline monitoring of production traffic (Wang, Col. 3, Lines 42-45, network security system 130 may be communicatively connected to switch 125 behind firewall 120 to monitor network traffic to and from private network 110. As a non-limiting example, network security system 130 may be a Snort-based system ), the production traffic being traffic between one or more users and a cloud-based system (Wang, Fig. 1); based on the inline monitoring of production traffic including documents (Wang, Col. 
2, Lines 31-35, by paring a Snort stream and a log stream by time mark information and utilizing threat tagging information to programmatically and automatically tag log data, threat correlated information can be automatically generated from the log data utilizing statistical methods), selecting training data for a machine learning model based on the determined distribution monitored in the production content and the determined features (Wang, Col. 10, Lines 1-7, the training set can be divided into a data set with identified “true” incident and a data set without any identified “true” incident. Then, with each ([MsgType],[Location]) tuple, the machine compares the distribution of those OOV words in each tuple for the two data sets and measures the statistical distance using Kullback-Leibler divergence); and wherein the training data includes benign documents and malicious documents (Wang, Col. 9, Lines 1-7, as an example, 90% of the data may be used as training data sets for training the machine to learn the characteristics of potential attacks and use the learned knowledge on such characteristics to predict “true” incidents. 10% of the data may be used as test data sets for testing the accuracy in such “true” incidents predictions), and wherein quantities of the benign documents and malicious documents in the training data are selected based on the distribution determined based on the distribution determined by the inline monitoring (Wang, Col. 9, Lines 1-7, as an example, 90% of the data may be used as training data sets for training the machine to learn the characteristics of potential attacks and use the learned knowledge on such characteristics to predict “true” incidents. 10% of the data may be used as test data sets for testing the accuracy in such “true” incidents predictions) and (Wang, Col. 
2, Lines 21-22, the log data described herein in most cases can be independently collected from Snort data, it is noted that Sort stream equates to inline monitoring); Wang does not explicitly disclose determining, for malicious documents encountered in the production traffic, a distribution between malicious documents having malicious macros and malicious documents having malicious embedded objects; determining features for the malicious documents having malicious macros and for the malicious documents having malicious embedded objects; However, Nissim teaches determining, for malicious documents encountered in the production traffic, a distribution between malicious documents having malicious macros and malicious documents having malicious embedded objects (NISSIM, Table III, and Page. 0639, The most popular attacks through docx files are launched via macro, file embedding, and OLE categories, and it is significant that the most prominent features belong to these categories) and (NISSIM, Table III, Occurrence Percentage in malicious files, which corresponds to a distribution between malicious macros and malicious documents having malicious embedded objects); determining features for the malicious documents having malicious macros and for the malicious documents having malicious embedded objects (NISSIM, Table II, and Page. 0639, SFEM also extracts features that are strongly indicative of, and related to, the attack techniques used in malicious MS Office files (presented in section 3): (1) malicious macro code via VBA code embedded in the docx file, and (2) malicious Object Linking and Embedding (OLE) objects (presented in Table II)); Wang and NISSIM are both considered to be analogous to the claim invention because they are in the same field of monitoring and detecting malware in the documents. 
Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Wang to incorporate the teachings of Nissim to include determining, for malicious documents encountered in the production traffic, a distribution between malicious documents having malicious macros and malicious documents having malicious embedded objects (NISSIM, Table III, and Page. 0639) and (NISSIM, Table III); determining features for the malicious documents having malicious macros and for the malicious documents having malicious embedded objects (NISSIM, Table II, and Page. 0639). Doing so would aid maintain the predictive performance of the detection model that serves as the knowledge store of the acquisition process (Nissim, Page. 643). The combination of Wang and NISSIM do not explicitly teach weighing the selected training data based on the distribution of malicious documents having malicious macros and malicious documents having malicious embedded objects; and training the machine learning model with the selected and weighted training data. However, HARANG teaches weighing the selected training data based on the distribution of malicious documents having malicious macros and malicious documents having malicious embedded objects (HARANG, Para. 0032, the ML model data 121 can include data representing parameters of the ML model 112 (e.g., parameters specifying the architecture of a neural network included in the ML model 112, weights and adjustments to weights associated with a neural network included in the ML model 112, etc.)) and (HARANG, Paras. 0003-0004, Malicious artifacts can be embedded and distributed in several forms (e.g., text files, executable files, etc.) 
that are seemingly harmless in appearance but hard to detect and can be prone to cause severe damage or compromise of sensitive hardware, data, information, and the like… Machine learning models, including neural networks, can be trained to classify artifacts that can potentially carry out malicious activity. However, the landscape of potentially malicious artifacts can change over time. The machine learning models can be retrained to adapt to the changes in the landscape of potentially malicious artifacts) and (HARANG, Para. 0023, for example, document files can include embedded, executable scripts or macros that, in some cases, can be configured to cause malicious activity on a host device (e.g., a computer) or in a host environment (e.g., of a computer, virtual machine, etc.)); training the machine learning model with the selected and weighted training data (HARANG, Para. 0032, The ML model data 121 can include data representing parameters of the ML model 112 (e.g., parameters specifying the architecture of a neural network included in the ML model 112, weights and adjustments to weights associated with a neural network included in the ML model 112, etc.)) and (HARANG, Para. 0048, the trainer 114 can be configured to use ML model data 121 included in the memory 120 to build the ML model 112 at a first time and use a training data set having labeled training artifacts of known classification (i.e., known to be malicious or labelled according to known type of maliciousness) from the of the set of artifacts 122 in the memory 120 to train the ML model 112 to classify the known or labelled artifacts). Wang, NISSIM, and HARANG are all considered to be analogous to the claim invention because they are in the same field of monitoring and detecting malware in the documents. 
Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Wang and NISSIM to incorporate the teachings of HARANG to include weighing the selected training data based on the distribution of malicious documents having malicious macros and malicious documents having malicious embedded objects (HARANG, Para. 0032) and (HARANG, Paras. 0003-0004) and (HARANG, Para. 0023); training the machine learning model with the selected and weighted training data (HARANG, Para. 0032) and (HARANG, Para. 0048). Doing so would aid to detect malware in an attempt to improve detection coverage for the window between the introduction of new malware samples and the writing of specialized signatures to detect the newly introduced malware (HARANG, Para. 0025). In regards to claim 2, the combination of Wang, NISSIM and HARANG teaches the non-transitory computer-readable storage medium of claim 1, wherein the steps further include providing the machine learning model for use in production to detect malicious documents (NISSIM, Page. 0635, the detection model scrutinizes the docx files and provides two values for each file: a classification decision using the SVM classification algorithm and a distance calculation from the separating hyperplane using Equation 1 {4}. A file that the AL method recognizes as informative and has indicated should be acquired is sent to an expert who manually analyzes and labels it {5}. By acquiring these informative docx files, we aim to frequently update the anti-virus software by focusing the expert’s efforts on labeling docx files that are most likely to be malware or on benign docx files that are expected to improve the detection of the model). 
Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Wang and HARANG to incorporate the teachings of Nissim to include wherein the steps further include providing the machine learning model for use in production to detect malicious documents (NISSIM, Page. 0635). Doing so would aid maintain the predictive performance of the detection model that serves as the knowledge store of the acquisition process (Nissim, Page. 643). In regards to claim 3, the combination of Wang, NISSIM and HARANG teaches the non-transitory computer-readable storage medium of claim 1, wherein the steps further include performing continuous inline monitoring to determine a current distribution between documents having malicious macros and documents having malicious embedded objects of the malicious documents encountered in production (NISSIM, Table II, and Page. 0639, SFEM also extracts features that are strongly indicative of, and related to, the attack techniques used in malicious MS Office files (presented in section 3): (1) malicious macro code via VBA code embedded in the docx file, and (2) malicious Object Linking and Embedding (OLE) objects (presented in Table II)); updating the training of the machine learning model based on any changes in the distribution (NISSIM, Page. 0640, In our acquisition experiments we used 16,811 docx files (16,484 benign, 327 malicious) from our repository and created ten randomly selected datasets with each dataset containing ten subsets of 1,600 files which represent each day’s stream of new files. The 811 remaining files were used by the initial training set to induce the initial model) and retraining the machine learning model with updated training data responsive to any changes in the distribution (NISSIM, Page. 
0636, the informative docx files are acquired by the training set, and the signature repository is updated as well, just in case the files are malicious. The detection model is retrained over the updated and extended training set which now also includes the acquired examples that are regarded as being very informative); wherein updating the training of the machine learning model includes updating at least one of (i) quantities of benign documents and malicious documents in the training data (Wang, Col. 9, Lines 1-7, as an example, 90% of the data may be used as training data sets for training the machine to learn the characteristics of potential attacks and use the learned knowledge on such characteristics to predict “true” incidents. 10% of the data may be used as test data sets for testing the accuracy in such “true” incidents predictions); and retraining the machine learning model with updated training data responsive to any changes in the distribution (Nissim, Page 636, the informative docx files are acquired by the training set, and the signature repository is updated as well, just in case the files are malicious. The detection model is retrained over the updated and extended training set which now also includes the acquired examples that are regarded as being very informative). Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Wang and HARANG to incorporate the teachings of Nissim to include wherein the steps further include performing continuous inline monitoring to determine a current distribution between documents having malicious macros and documents having malicious embedded objects of the malicious documents encountered in production (NISSIM, Table II, and Page. 0639); updating the training of the machine learning model based on any changes in the distribution (NISSIM, Page. 
0640) and retraining the machine learning model with updated training data responsive to any changes in the distribution (NISSIM, Page. 0636); and retraining the machine learning model with updated training data responsive to any changes in the distribution (Nissim, Page 636). Doing so would aid maintain the predictive performance of the detection model that serves as the knowledge store of the acquisition process (Nissim, Page. 643). In regards to claim 7, the combination of Wang, NISSIM and HARANG teaches the non-transitory computer-readable storage medium of claim 1, wherein the features include any of document structure metadata, N-grams of document content, suspicious strings, semantic code flow, entropy, a Windows Application Programming Interface (API) call chain, Macro Auto-related function usage, Visual Basic for Applications (VBA) stomping, and usage of an Anti-Virtual Machine (VM) (NISSIM, Page. 0631, Recent targeted attacks aimed at organizations utilize the new Microsoft Word documents (∗.docx). Anti-virus software fails to detect new unknown malicious files, including malicious docx files). Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Wang and HARANG to incorporate the teachings of Nissim to include wherein the features include any of document structure metadata, N-grams of document content, suspicious strings, semantic code flow, entropy, a Windows Application Programming Interface (API) call chain, Macro Auto-related function usage, Visual Basic for Applications (VBA) stomping, and usage of an Anti-Virtual Machine (VM) (NISSIM, Page. 0631). Doing so would aid maintain the predictive performance of the detection model that serves as the knowledge store of the acquisition process (Nissim, Page. 643). 
In regard to claim 8, the combination of Wang, NISSIM and HARANG teaches the non-transitory computer-readable storage medium of claim 1, wherein the steps further include obtaining data related to the traffic including documents based on the monitoring, which is via a cloud-based system (NISSIM, Page. 0634, Macro can download a malicious executable file from the Internet and open it or download a malicious non-executable file such as a PDF file, and open it and take advantage of a known or unknown vulnerability in that file format). Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Wang and HARANG to incorporate the teachings of Nissim to include wherein the steps further include obtaining data related to the traffic including documents based on the monitoring, which is via a cloud-based system (NISSIM, Page. 0634). Doing so would aid maintain the predictive performance of the detection model that serves as the knowledge store of the acquisition process (Nissim, Page. 643). In regard to claim 9, the method of claim 9 relates to the non-transitory computer-readable storage medium of claim 1. Therefore, the method of claim 9 is rejected for the same reason of obviousness as the non-transitory computer-readable storage medium of claim 1 above. In regard to claim 10, the method of claim 10 relates to the non-transitory computer-readable storage medium of claim 2. Therefore, the method of claim 10 is rejected for the same reason of obviousness as the non-transitory computer-readable storage medium of claim 2 above. In regard to claim 11, the method of claim 11 relates to the non-transitory computer-readable storage medium of claim 3. Therefore, the method of claim 11 is rejected for the same reason of obviousness as the non-transitory computer-readable storage medium of claim 3 above. 
In regard to claim 15, the method of claim 15 relates to the non-transitory computer-readable storage medium of claim 7. Therefore, the method of claim 15 is rejected for the same reason of obviousness as the non-transitory computer-readable storage medium of claim 7 above.

In regard to claim 16, the method of claim 16 relates to the non-transitory computer-readable storage medium of claim 8. Therefore, the method of claim 16 is rejected for the same reason of obviousness as the non-transitory computer-readable storage medium of claim 8 above.

In regard to claim 17, the system of claim 17 relates to the non-transitory computer-readable storage medium of claim 1 and method of claim 9. Therefore, the system of claim 17 is rejected for the same reason of obviousness as the non-transitory computer-readable storage medium of claim 1 and method of claim 9 above.

In regard to claim 18, the system of claim 18 relates to the non-transitory computer-readable storage medium of claim 2 and method of claim 10. Therefore, the system of claim 18 is rejected for the same reason of obviousness as the non-transitory computer-readable storage medium of claim 2 and method of claim 10 above.

In regard to claim 19, the system of claim 19 relates to the non-transitory computer-readable storage medium of claim 3 and method of claim 11. Therefore, the system of claim 19 is rejected for the same reason of obviousness as the non-transitory computer-readable storage medium of claim 3 and method of claim 11 above.

In regard to claim 21, the combination of Wang, NISSIM and HARANG teaches the non-transitory computer-readable storage medium of claim 1, wherein the training data is further based on a ratio of documents having malicious macros and malicious embedded objects (NISSIM, Page 636, the updated model receives a new stream of unknown files on which the updated model is once again tested and from which the updated model again acquires informative files) and (NISSIM, Page
645, in the first experiment, we found that among five classification algorithms and eight different alternatives of choosing the top features, the configuration that yielded the best results was the SVM classifier trained on the top 100 structural features, which achieved a TPR of 93.34%, FPR of 0.19% and an accuracy of 99.67%. If the number of features plays a significant role, then top 40 could also be used for achieving nearly the same results. The number of features (top 40, top 100) showed that the detection of malicious docx files with high TPR rates requires the consideration of more than just the top ten “trivial” features (macro, embedding, OLE) and must include features that are extracted from deep within the structure of the docx file). Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang and HARANG to incorporate the teachings of Nissim to include wherein the training data is further based on a ratio of documents having malicious macros and malicious embedded objects (NISSIM, Page 636) and (NISSIM, Page 645). Doing so would help maintain the predictive performance of the detection model that serves as the knowledge store of the acquisition process (Nissim, Page 643).

In regard to claim 22, the combination of Wang, NISSIM and HARANG teaches the non-transitory computer-readable storage medium of claim 21, wherein 90% of the training data includes malicious documents having malicious macros and 10% of the training data includes malicious documents having malicious embedded objects (Wang, Col. 9, Lines 1-7, as an example, 90% of the data may be used as training data sets for training the machine to learn the characteristics of potential attacks and use the learned knowledge on such characteristics to predict “true” incidents. 10% of the data may be used as test data sets for testing the accuracy in such “true” incidents predictions).
In regard to claim 23, the combination of Wang, NISSIM and HARANG teaches the non-transitory computer-readable storage medium of claim 21, wherein the steps include parsing and analyzing documents, wherein the parsing includes parsing Visual Basic for Applications (VBA) project files of the documents to detect macros and embedded objects (NISSIM, Tables II and III, Page 639, SFEM also extracts features that are strongly indicative of, and related to, the attack techniques used in malicious MS Office files (presented in section 3): (1) malicious macro code via VBA code embedded in the docx file, and (2) malicious Object Linking and Embedding (OLE) objects (presented in Table II). Table II presents the 11 most prominent features. Features f1-f8 are related to the existence of macro code in the document and its activation, feature f9 is related to the existence of embedded files, feature f10 is related to OLE objects in the document. Feature f11 signifies the presence of an ∗.emf image). Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang and HARANG to incorporate the teachings of Nissim to include wherein the steps include parsing and analyzing documents, wherein the parsing includes parsing Visual Basic for Applications (VBA) project files of the documents to detect macros and embedded objects (NISSIM, Tables II and III, Page 639) and (NISSIM, Page 645). Doing so would help maintain the predictive performance of the detection model that serves as the knowledge store of the acquisition process (Nissim, Page 643).

In regard to claim 24, the combination of Wang, NISSIM and HARANG teaches the non-transitory computer-readable storage medium of claim 1, wherein the training includes weighing malicious macros samples higher than malicious embedded object samples (NISSIM, Page
645, in the first experiment, we found that among five classification algorithms and eight different alternatives of choosing the top features, the configuration that yielded the best results was the SVM classifier trained on the top 100 structural features, which achieved a TPR of 93.34%, FPR of 0.19% and an accuracy of 99.67%. If the number of features plays a significant role, then top 40 could also be used for achieving nearly the same results. The number of features (top 40, top 100) showed that the detection of malicious docx files with high TPR rates requires the consideration of more than just the top ten “trivial” features (macro, embedding, OLE) and must include features that are extracted from deep within the structure of the docx file). Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang and HARANG to incorporate the teachings of Nissim to include wherein the training includes weighing malicious macros samples higher than malicious embedded object samples (NISSIM, Page 645). Doing so would help maintain the predictive performance of the detection model that serves as the knowledge store of the acquisition process (Nissim, Page 643).

In regard to claim 25, the combination of Wang, NISSIM and HARANG teaches the non-transitory computer-readable storage medium of claim 1, wherein the steps include, after the training, providing the machine learning model to one or more nodes of the cloud-based system for performing detection (Wang, Col. 10, Lines 22-35, in some embodiments, training and testing can be done using a partitioned training data set. With a partitioned training data set, a statistical model can be trained with the extracted feature sets.
More specifically, in some embodiments, a statistical model such as a boosted decision tree algorithm is used to predict, based on the extracted features associated with a time segment (which is correlated and synchronized from a log stream and a Snort stream), whether the particular time segment is “good” or “bad.” Other decision tree models can also be used. In some embodiments, the prediction accuracy achieved 90-95% on the test data sets with cross-validation).

Claims 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al. (US 10,462,170 B1), hereinafter Wang, in view of the article entitled “ALDOCX: Detection of Unknown Malicious Microsoft Office Documents Using Designated Active Learning Methods Based on New Structural Feature Extraction Methodology” by NISSIM et al., hereinafter NISSIM, further in view of HARANG et al. (US 2021/0241175 A1), hereinafter HARANG, and further in view of SAXE et al. (US 2019/0236273 A1), hereinafter SAXE.

In regard to claim 6, the combination of Wang, NISSIM and HARANG fails to teach the non-transitory computer-readable storage medium of claim 1, wherein the documents include any of a Microsoft Office file and an Open Office Extensible Markup Language (XML) file. However, Saxe teaches wherein the documents include any of a Microsoft Office file and an Open Office Extensible Markup Language (XML) file (SAXE, Para. 0025, a Microsoft® Word file type can have either an XML file format (.docx) or an OLE2 file format (.doc)). Wang, NISSIM, HARANG and SAXE are all considered to be analogous to the claimed invention because they are in the same field of utilizing a Machine Learning (ML) model to detect malicious documents, namely Microsoft Office and Office Open Extensible Markup Language (XML) documents.
Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang, NISSIM and HARANG to incorporate the teachings of SAXE to include wherein the documents include any of a Microsoft Office file and an Open Office Extensible Markup Language (XML) file (SAXE, Para. 0025). Doing so would facilitate the detection of malicious files (including, but not limited to, emails, Microsoft® Office documents, archive files, etc.) across a wide variety of file types and/or formats, using a single machine learning model. In some embodiments, a system can detect malicious files across a wide variety of different file types and/or formats, using a single machine learning model (Saxe, para. 0021).

In regard to claim 14, the combination of Wang, NISSIM and HARANG fails to teach the method of claim 9, wherein the documents include any of a Microsoft Office file and an Open Office Extensible Markup Language (XML) file. However, Saxe teaches wherein the documents include any of a Microsoft Office file and an Open Office Extensible Markup Language (XML) file (SAXE, Para. 0025, a Microsoft® Word file type can have either an XML file format (.docx) or an OLE2 file format (.doc)). Wang, NISSIM, HARANG and SAXE are all considered to be analogous to the claimed invention because they are in the same field of utilizing a Machine Learning (ML) model to detect malicious Office documents, namely Microsoft Office and Office Open Extensible Markup Language (XML) documents. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang, NISSIM, and HARANG to incorporate the teachings of SAXE to include wherein the documents include any of a Microsoft Office file and an Open Office Extensible Markup Language (XML) file (SAXE, Para. 0025).
Doing so would facilitate the detection of malicious files (including, but not limited to, emails, Microsoft® Office documents, archive files, etc.) across a wide variety of file types and/or formats, using a single machine learning model. In some embodiments, a system can detect malicious files across a wide variety of different file types and/or formats, using a single machine learning model (Saxe, para. 0021).

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to GITA FARAMARZI whose telephone number is (571)272-0248. The examiner can normally be reached Monday-Friday 9:00 am-6:00 pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool.
To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached at (571)272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /GITA FARAMARZI/Examiner, Art Unit 2496 /JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496
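The rejected claims quoted above describe a concrete detection pipeline: parse the OOXML container for VBA project parts and embedded objects (claim 23), derive features such as auto-execution function usage, suspicious strings and entropy (claim 7), choose training-set quantities from the macro/embedded-object ratio seen in production traffic (claims 21 and 22), weight malicious-macro samples higher (claim 24), and retrain when that distribution shifts. The Python below is an added illustration by the editor of how those pieces fit together; it is not code from the application, the examiner, or any cited reference. The in-memory sample documents, the regex lists, the proportional selection policy, the 2.0 macro weight and the 0.1 drift threshold are all assumptions.

```python
"""Added example (editor's illustration, not the applicant's or examiner's code).

Feature extraction over OOXML Office documents plus distribution-aware
training-set selection, sample weighting and drift-triggered retraining,
following the structure of the claims discussed above. The sample documents
are constructed in memory below; no real malware is involved.
"""
import io
import math
import re
import zipfile
from collections import Counter

# Auto-execution entry points and suspicious API usage (assumed, non-exhaustive lists).
AUTO_EXEC = re.compile(
    rb"AutoOpen|AutoExec|AutoClose|Auto_Open|Document_Open|Workbook_Open", re.I)
SUSPICIOUS = re.compile(
    rb"WScript\.Shell|CreateObject|URLDownloadToFile|powershell|Shell|Environ|MSXML2\.XMLHTTP",
    re.I)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; a high value on a macro stream suggests packing or obfuscation."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extract_features(doc_bytes: bytes) -> dict:
    """A .docx/.docm/.xlsm is a zip container: macros live in a vbaProject.bin part,
    embedded objects under */embeddings/. Caveat: a real vbaProject.bin is an OLE2
    file whose module source is MS-OVBA compressed, so production code must
    decompress it first (for example with oletools' olevba); the constructed
    samples here embed plain text so the regexes can fire."""
    feats = {"has_macro": 0, "n_embedded": 0, "auto_exec": 0, "suspicious": 0,
             "vba_entropy": 0.0}
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as z:
        for name in z.namelist():
            low = name.lower()
            if low.endswith("vbaproject.bin"):
                blob = z.read(name)
                feats["has_macro"] = 1
                feats["auto_exec"] += len(AUTO_EXEC.findall(blob))
                feats["suspicious"] += len(SUSPICIOUS.findall(blob))
                feats["vba_entropy"] = round(shannon_entropy(blob), 3)
            elif "/embeddings/" in low and not low.endswith("/"):
                feats["n_embedded"] += 1
    return feats


def build_doc(extra_parts: dict) -> bytes:
    """Construct a minimal OOXML container (constructed test input, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        for name, data in extra_parts.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a macro dropper, an embedded-object document, a clean document.
MACRO_DOC = build_doc({"word/vbaProject.bin": (
    b'Attribute VB_Name = "ThisDocument"\n'
    b"Sub AutoOpen()\n"
    b'    Set sh = CreateObject("WScript.Shell")\n'
    b'    sh.Run "powershell -nop -w hidden"\n'
    b"End Sub\n")})
EMBED_DOC = build_doc({"word/embeddings/oleObject1.bin":
                       b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 64})
BENIGN_DOC = build_doc({})


def select_training_set(pool, distribution, n_total):
    """Pick per-class quantities in proportion to the class shares observed in
    production traffic. This proportional policy is an assumption; the application
    itself does not spell out how the quantities are chosen.
    pool: iterable of (features, label); distribution: {label: share}."""
    by_label = {}
    for feats, label in pool:
        by_label.setdefault(label, []).append((feats, label))
    chosen = []
    for label, share in distribution.items():
        chosen.extend(by_label.get(label, [])[: round(n_total * share)])
    return chosen


def sample_weight(label, macro_weight=2.0):
    """Weight malicious-macro samples above malicious-embedded-object samples
    (the weight value is assumed)."""
    return macro_weight if label == "mal_macro" else 1.0


def drift_exceeds(trained_dist, live_dist, threshold=0.1):
    """Total-variation distance between the class mix the model was trained on and
    the mix now observed in traffic; above the threshold, trigger retraining."""
    keys = set(trained_dist) | set(live_dist)
    tv = 0.5 * sum(abs(trained_dist.get(k, 0.0) - live_dist.get(k, 0.0)) for k in keys)
    return tv > threshold


if __name__ == "__main__":
    for name, doc in [("macro", MACRO_DOC), ("embed", EMBED_DOC), ("benign", BENIGN_DOC)]:
        print(name, extract_features(doc))
    # A training mix in the 90/10 shape recited in claim 22, then a shifted live mix.
    trained = {"mal_macro": 0.9, "mal_embed": 0.1}
    live = {"mal_macro": 0.6, "mal_embed": 0.4}
    print("retrain:", drift_exceeds(trained, live))
```

The feature extractor deliberately stays at the container level, which is where the "trivial" macro/embedding/OLE features the Nissim excerpt mentions come from; the deeper structural features that excerpt says are needed for high TPR would require walking the OLE2 streams inside vbaProject.bin. The selection function also makes visible the gap the §112(a) rejection points at: a proportional rule is one possible way to pick quantities "based on the distribution", but it is a choice the code has to make explicitly.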

Prosecution Timeline

Oct 26, 2020
Application Filed
Sep 12, 2022
Non-Final Rejection — §103, §112
Dec 19, 2022
Response Filed
Feb 20, 2023
Final Rejection — §103, §112
Apr 11, 2023
Response after Non-Final Action
Apr 27, 2023
Response after Non-Final Action
May 24, 2023
Request for Continued Examination
Jun 02, 2023
Response after Non-Final Action
Aug 09, 2023
Non-Final Rejection — §103, §112
Nov 17, 2023
Response Filed
Feb 01, 2024
Final Rejection — §103, §112
Apr 09, 2024
Response after Non-Final Action
Apr 22, 2024
Examiner Interview (Telephonic)
Apr 29, 2024
Response after Non-Final Action
May 06, 2024
Request for Continued Examination
May 16, 2024
Response after Non-Final Action
Jul 11, 2024
Non-Final Rejection — §103, §112
Oct 15, 2024
Response Filed
Oct 24, 2024
Final Rejection — §103, §112
Jan 03, 2025
Response after Non-Final Action
Mar 03, 2025
Request for Continued Examination
Mar 10, 2025
Response after Non-Final Action
Sep 04, 2025
Non-Final Rejection — §103, §112
Dec 08, 2025
Response Filed
Jan 06, 2026
Final Rejection — §103, §112
Apr 13, 2026
Notice of Allowance
Apr 13, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12339997
ENTITY FOCUSED NATURAL LANGUAGE GENERATION
2y 5m to grant; granted Jun 24, 2025
Patent 12316648
Data value classifier
2y 5m to grant; granted May 27, 2025
Patent 12301564
VIRTUAL SESSION ACCESS MANAGEMENT
2y 5m to grant; granted May 13, 2025
Patent 12256022
BLOCKCHAIN TRANSACTION COMPRISING RUNNABLE CODE FOR HASH-BASED VERIFICATION
2y 5m to grant; granted Mar 18, 2025
Patent 12242613
AUTOMATED EVALUATION OF MACHINE LEARNING MODELS
2y 5m to grant; granted Mar 04, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

9-10
Expected OA Rounds
53%
Grant Probability
75%
With Interview (+21.5%)
3y 4m
Median Time to Grant
High
PTA Risk
Based on 75 resolved cases by this examiner. Grant probability derived from career allow rate.